Desktop PCs - Do You Still Have Them?

[chronicle]

This might help.

Free Decrypter Available for GandCrab Ransomware Victims

Sent from my BLL-L22 using Tapatalk

[brushless]

Your work pc should be isolated from the internet where most of your important data are stored. You should have another computer solely for online usage. This is without any hardisk, just a USB or DVD live Linux OS. Windows is just too risky to expose it to the internet.

If you want to totally protect your online activity, install Linux Tails on your USB drive and boot from there.

[oj88]

Your work pc should be isolated from the internet where most of your important data are stored. You should have another computer solely for online usage. This is without any hardisk, just a USB or DVD live Linux OS. Windows is just too risky to expose it to the internet.

If you want to totally protect your online activity, install Linux Tails on your USB drive and boot from there.

Air gapping is probably justified when you're primarily working on highly-classified, confidential, or high profile information, digitally stored on a computer. But for the average user, it's impractical.

Almost any work that involves a computer nowadays needs access to the Internet almost constantly. Cloud productivity (Google Suite, Office365, etc.), cloud storage, online research, B2B and B2C transactions, communications (Email, IM, Presence, collaboration, voice/video conferencing), etc. etc.

In fact, there's now only a fine line between corporate devices and personal devices (BYOD). People tend to work using whatever devices they have on-hand. They don't need to get back to their work PC to respond to an email. They respond using their own personal mobile device or even their home PC.

What is important is to have an end-to-end security solution that uses security products (UTM, firewall, DLP, web security, email security, endpoint security, etc.) and security practices (ie. Adherence to the PH DPA) to prevent or at the least, make breaches and data leaks very difficult to impossible to do.

[brushless]

Air gapping is probably justified when you're primarily working on highly-classified, confidential, or high profile information, digitally stored on a computer. But for the average user, it's impractical.

It's justified for my case. I can't risk it. Two desktops for permanent offline work. Unhackable. I transfer files using the fax/modem 56k V.92, BBS, old school.

Almost any work that involves a computer nowadays needs access to the Internet almost constantly. Cloud productivity (Google Suite, Office365, etc.), cloud storage, online research, B2B and B2C transactions, communications (Email, IM, Presence, collaboration, voice/video conferencing), etc. etc.

I can do all of that on a live USB (w/ physical write protect switch).

What is important is to have an end-to-end security solution that uses security products (UTM, firewall, DLP, web security, email security, endpoint security, etc.) and security practices (ie. Adherence to the PH DPA) to prevent or at the least, make breaches and data leaks very difficult to impossible to do.

So much no. I only use TOR.

Security doesn't need to be so complex.

1) Isolate your desktop computer (work) from the internet
2) Use a Live USB (Tails) with write protect if accessing the internet
3) Use TOR Browser

Done.

Online banking, NOPE.
Passbook, YES.
No ATM.

Not forgetting to tape the webcam and mic. Lol!

[SpinCycle]

It's justified for my case. I can't risk it. Two desktops for permanent offline work. Unhackable. I transfer files using the fax/modem 56k V.92, BBS, old school.



I can do all of that on a live USB (w/ physical write protect switch).



So much no. I only use TOR.

Security doesn't need to be so complex.

1) Isolate your desktop computer (work) from the internet
2) Use a Live USB (Tails) with write protect if accessing the internet
3) Use TOR Browser

Done.

Online banking, NOPE.
Passbook, YES.
No ATM.

Not forgetting to tape the webcam and mic. Lol!

Interesting. Do you live in the PH sir? I wonder what BBSes are still up in the PH. I used to login to them every night.

Isn’t it more secure to transfer via USB then format the thumb drive than sending it through a BBS?

May I ask what made you decide to take security measures to that level?


Sent from my iPhone using Tapatalk

[brushless]

...edited. Double post.

[brushless]

Interesting. Do you live in the PH sir? I wonder what BBSes are still up in the PH. I used to login to them every night.

Yes. Not sure whether there's a local BBS. I'm just new to the system.

IsnÂ’t it more secure to transfer via USB then format the thumb drive than sending it through a BBS?

It's a private BBS.

The internet is like EDSA where everyone is using it. A private BBS is like an underground road where nobody can see it or even know it exist.

May I ask what made you decide to take security measures to that level?

Internet threats like ransomware and whatnot. I've changed my credit card about 5 times when the bank called me up that someone is illegally using it. They even told me where it was used, when it was used and what item was bought. I hope the criminal was caught.

Also, when a virus/malware strikes, it's pretty tiring having to reformat the HD every now and then or rebuild it from a clone/image backup. Windows update can sometimes be a pain in the.

So, it's Windows for offline work, Tails for online and private BBS for file transfers/private communication.

It doesn't get simpler than that.

There's no such thing in the internet where your computer cannot be exploited. Never rely on any security solutions. It doesn't work all the time.

Going old school is the best solution.

Sometimes I use windows for online use to see any unusual activities to see which sites are infested. I've already caught 3.

[oj88]

Yes. Not sure whether there's a local BBS. I'm just new to the system.

It's a private BBS.

The internet is like EDSA where everyone is using it. A private BBS is like an underground road where nobody can see it or even know it exist.

^Wow! lol. It's like I'm talking to someone who have just arrived from the 90's. BBS on dial-up... really? For communications? Jeez... don't forget to backup your floppy disks.

Internet threats like ransomware and whatnot. I've changed my credit card about 5 times when the bank called me up that someone is illegally using it. They even told me where it was used, when it was used and what item was bought. I hope the criminal was caught.

Also, when a virus/malware strikes, it's pretty tiring having to reformat the HD every now and then or rebuild it from a clone/image backup. Windows update can sometimes be a pain in the.

So, it's Windows for offline work, Tails for online and private BBS for file transfers/private communication.

It doesn't get simpler than that.

You must've been accessing some shady and malicious websites to be targeted like that.

I've never have to change credit cards due to fraud... and I do online transactions 99% of the time since about 2010. I've bought subscriptions and other stuff from almost any online stores from Amazon to Wish. Common sense lang kailangan.... I do COD if anything is questionable. But that's only 1 in maybe 10 or 15 transactions.

There's no such thing in the internet where your computer cannot be exploited. Never rely on any security solutions. It doesn't work all the time.

Going old school is the best solution.

Sometimes I use windows for online use to see any unusual activities to see which sites are infested. I've already caught 3.

Watching too many conspiracy movies? But let me ask you... how do you work with your personal or work data when mobile? You bring two devices? One offline and one online?

I agree that the Internet is generally unsafe.... that's a given. Like EDSA is a hazard to both neophyte and experienced drivers. But still, you need to pass through it once in while.

Air-gapping actually makes it more difficult to work on something. You lose productivity moving from one computer to another. Time is money. The best is still to follow online security best practices plus using a decent firewall and endpoint protection.

At home, I have an Untangle NG UTM running in Vmware, a Windows Server 2012 R2 as DHCP and DNS (also in Vmware), a 18TB Windows Home Server 2011 (Plex and Windows devices backup server), a NAS, four Ubiquiti UniFi APs, a Cisco managed switch, a D-Link smart switch, and ESET Internet Security for Windows and Android devices. I've got IoTs all around and I'm proud to say that in our plot of land, I'm managing in excess of 50+ unique IP devices.... IR blasters, Roku 3s, Smart TVs, IP cameras and NVRs, several smart bulbs, a couple of Amazon Echo Dots, a Google Home Mini, several WiFi switches, an environment sensor, a Raspberry Pi 2, UPS, several PCs, laptops, tablets and smartphones.... just off the top of my head.

Just imagine... my lowly electric fan have its own IP address (WiFi switch) which I can control from the Internet or through Alexa.

No, I didn't build this overnight. It grew to that monstrosity as our household needs increased. About 95% of said devices have access to the internet. Many are connected to at least one cloud service. The remaining devices are actually the IP cameras and NVRs... these requires me to connect to my home network through a VPN to view them from the internet. There'll be no peeping toms to worry about.

Anyway, there had been not a single breach. There were a couple of attempts before which was caught by Untangle's IDS/IPS and another by pfSense IDS/IPS (prior to switching to Untangle). But even though I am less restrictive compared to what you're proposing, I also keep an "assume breach" mindset and if such an event occur in the future, I've got the daily and weekly Windows backups to recover from.

[myas110]

This might help.

Free Decrypter Available for GandCrab Ransomware Victims

Sent from my BLL-L22 using Tapatalk

Will try it soon. Dahil siguro sa instance na nag download ng file yung kapatid ko kaya nadale yung PC namin sa bahay. Andun pa naman sa PC yung pics and music files ko

Sent from my ASUS_Z011D using Tapatalk

[brushless]

You must've been accessing some shady and malicious websites to be targeted like that.

Nope. An attack can occur on Twitter, YouTube and Instagram. In fact, it can occur on any website the hacker wishes to monitor on its users. You'll be amazed by how much info they can get from you. They can even have access to your mobile phone and turn it into a listening device.

I've never have to change credit cards due to fraud...

I guess you're not of interest to them.

Watching too many conspiracy movies? But let me ask you... how do you work with your personal or work data when mobile? You bring two devices? One offline and one online?

Are you still studying?

When mobile, like at the airport, I simply call my agent in Hong Kong to prepare the contract for the factory in Chaozhou and have it faxed or emailed to me. I'll sign it later or he can sign it on my behalf.

People can do the work for you in the office you know. Lol

Air-gapping actually makes it more difficult to work on something. You lose productivity moving from one computer to another. Time is money. The best is still to follow online security best practices plus using a decent firewall and endpoint protection.

Sorry, it's just not the case for me. I can still work fine, no problem. How hard would it be copying files from USB to USB? Thanks for the advice though.

Firewall? Anti Malware/Spware/AV? Are you kidding me?

You know how much time is wasted cleaning the virus or malware? When you thought you've cleaned it, it pops up again in your browser. You don't know what files it has infected in your system. What is worst is that after cleaning, your system does not work fine anymore. Either it freezes on you or simply too slow to work on. You then do some troubleshooting and hairpulling. The best remedy for this is to simply nuke the hardisk and start from backup. How many hours wasted.

You talk about productivity loss, this is productivity loss.

Anyway, there had been not a single breach. There were a couple of attempts before which was caught by Untangle's IDS/IPS and another by pfSense IDS/IPS (prior to switching to Untangle). But even though I am less restrictive compared to what you're proposing, I also keep an "assume breach" mindset and if such an event occur in the future, I've got the daily and weekly Windows backups to recover from.

If you think this can work effectively, why would Snowden use TOR?

Good luck on your backups though. I never have to do that anymore due to an attack or infection. I do it because the hardisk is going to go anytime. Lol!